Donate Telegram

CVE-2026-29068

HIGH CVSS 4.0: 8.7 EPSS 0.04%

Mar 06, 2026

Updated Mar 06, 2026

Payload

Parameter	Value
CVSS	8.7 (HIGH)
Fixed In	2.17
Type	CWE-121 (Stack-based Buffer Overflow (Переполнение буфера в стеке))
Vendor	Payload
Public PoC	No

PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, there is a stack buffer overflow vulnerability when pjmedia-codec parses an RTP payload contain more frames than the caller-provided frames can hold. This issue has been patched in version 2.17.

Attack Parameters

Attack Vector

Network

Атака возможна удалённо

Attack Complexity

Low

Легко эксплуатировать

Attack Requirements

None

Нет дополнительных условий

Privileges Required

None

Права не нужны

User Interaction

None

Не нужно действие пользователя

Impact Assessment

Confidentiality

None

Нет утечки данных

Integrity

None

Нет модификации данных

Availability

High

Полный отказ в обслуживании

CVSS Vector v4.0

Weakness Type (CWE)

CWE-121 Stack-based Buffer Overflow (Переполнение буфера в стеке)

References 2

https://github.com/pjsip/pjproject/commit/6c9024511bf5307ff72efde1f90c9a2a226d8…

security-advisories@github.com

https://github.com/pjsip/pjproject/security/advisories/GHSA-pqww-jrxr-457f

security-advisories@github.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2025-55289

Payload

CVE-2026-27749

Payload

CVE-2026-28772

Payload

CVE-2023-31044

Payload

CVE-2025-65465

Payload

CVE Details

CVE ID

CVE-2026-29068

Published Date

Mar 06, 2026

Vendor

Payload

Severity

HIGH

CVSS v4.0 Score

8.7

High severity. Prioritize patching.

Exploit Prediction (EPSS)

Probability of Exploit 0.04%

Likelihood of exploitation in next 30 days

Percentile: 12.7th percentile (higher than 12.7% of all CVEs)

Standard patching cycle

Impact

Denial of Service

Source

Editor's Choice